Overview
The purpose of this guide is to help in creating, removing
or modifying a user account on a Linux server. In this guide we will focus on
adding, removing and modifying users.
Applies To
Tested on CentOS 7 and RHEL 7
User Management – Insight
In Linux, users are managed with the
useradd, userdel and usermod commands.
There are 3 types of users,
namely Super User Account, System User Account and Normal Account.
User Type and Purpose
User Type is defined and determined by the User ID assigned to
the user. Ideally only one super user should be created.
| User | User Type | User ID | Group ID | Information |
|---|---|---|---|---|
| root | Super | 0 | 0 | Also called root user |
| apache | System | 1 | 1 | Apache webserver owner and service account |
| test.user | Normal | 500 | 500 | Normal User Account |
User ID and Group ID Range
The User ID range and Group ID range are determined
by the settings in the file “/etc/login.defs”.
| User Type | UID Range | GID Range | Information |
|---|---|---|---|
| Super | 0 | 0 | root user is always created with UID & GID 0 |
| System | 1 to 499 | 1 to 499 | System account can be created within the range |
| Normal | 500 to 60000 | 500 to 60000 | Normal account can be created within the range |
Note: Choosing the above UID & GID ranges is advisable because it makes the
user account type easier to identify.
User Login Shell
A user’s login shell can be assigned from the list
in the file “/etc/shells”. This list also shows the
shells supported on the server.
User Add Options
In this section we will create users with a few different
options. In order to create a user you need to provide the mandatory “username”; all other attributes are
optional.
| Option | Purpose |
|---|---|
| -u | User Account’s User ID (number) |
| -g | User Account’s Group ID (number) |
| -d | Create Home Directory in path |
| -c | Comments for the user, typically User’s Full Name or profile |
| -s | User’s Login shell |
| -o | Create User with Existing user ID (duplicate) |
Defaults are determined by the settings in the file “/etc/default/useradd”; to view them, execute the command useradd -D.
User Management – USERADD
In this section we will create users with different options.
To create a user, execute the command “useradd”
and pass the optional parameters as per the business need.
Create User – No Options
To create a user account, run the command below; once you create the
account, the user’s login password has to be set with the command “passwd” as shown in the examples below;
useradd test.user1
To know the User’s User ID run the command below;
Create User – Set User ID
To create a user account with a specific User ID, run the
command;
useradd -u 1500 test.user2
passwd test.user2
Create User – Set Group ID
To create a user account and assign it to a specific Group ID,
run the command; this group should already exist.
useradd -g 100 test.user3
passwd test.user3
Create User – Set Home Directory
To create a user account with a non-default home directory,
run the command;
useradd -d /home/appln.user test.user4
passwd test.user4
Create User – Comment
To create a user account with a comment, run the command;
useradd -c "Test User #5" test.user5
passwd test.user5
Create User – Login Shell
To create a user account with a shell other than the default (bash),
run the command;
useradd -s /bin/sh test.user6
passwd test.user6
Create User – Duplicate User ID
To create a user account with a non-unique user ID, run the
command;
useradd -ou 1500 test.user7
passwd test.user7
Create User – Account Expiry Date
To create a user account with an account expiry date, run the
command below. Typically these accounts are created for a temporary time period.
By default, when you create a user without the option “-e”, the user account’s expiry date is set
to “0”, which means the account never expires.
useradd -u 100 -e 2016-08-31 test.user8
passwd test.user8
chage -l test.user8
Create User – No Home Directory
To create a user account without a home directory, run the
command;
useradd -g 100 -M test.user9
passwd test.user9
ls -l /home/test.user9
Create User – No Shell
To create a user account without a shell (the user is prevented
from logging in), run the command;
useradd -g 100 -s /sbin/nologin test.user10
cat /etc/passwd | grep -E "test.user10|nologin"
User Management – USERMOD
In this section we will modify a user account with different
options. To modify a user, execute the command “usermod” and pass the optional parameters as per the business need.
Modify User – User ID
At times a user account might have been created with the wrong
user ID. To modify the user ID without creating a duplicate
user ID, run the command;
usermod -u 1507 test.user1
Note: An existing User ID can’t be assigned to a user; a new User ID has to be assigned.
Modify User – Primary Group ID
If a user has moved to a different project and you
would like to change the group, run the command;
usermod -g 1005 test.user2
Note: The existing primary group will be replaced.
Modify User – Append Groups
If a user has been assigned to work on more than one project,
the user has to be appended to new groups. To add the user to additional
groups, run the command;
usermod -aG 1003,1004 test.user3
Modify User – Move Home Directory
If you want to move the home directory along with the existing user
files, run the command; give the new home directory location for the user.
usermod -d /home/test.user4 -m test.user4
Modify User – Comment
If you want to change the comment of the existing user,
run the command;
usermod -c "Modified Comment" test.user5
cat /etc/passwd | grep -e "test.user5\|Modified Comment"
Modify User – Login Name
If the user account was created with a wrong username and
you intend to change the login name, run the command;
Note: The user's home directory or mail spool should probably be renamed
manually to reflect the new login name; see the move home directory command.
usermod -l changed.login.user test.user6
Modify User – Login Shell
If you want to change the user’s login shell, run the
command;
Modify User – Lock User
To lock a user account, run the command below. When a user account is
locked, the user’s password in the “/etc/shadow” file
is prefixed with “!”, which signifies
that the account is locked.
usermod -L test.user8
Modify User – Unlock User
When a user account is
locked, the user’s password in the “/etc/shadow” file
is prefixed with “!”, which signifies
that the account is locked. To revoke the lock / unlock the account, run the command;
usermod -U test.user8
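The conventions described in this guide (UID ranges per account type, duplicate User IDs created with “-o”, and the “!” prefix that marks a locked password) can be checked with a short audit script. This is an added example, not part of the original guide; the function names and the passwd/shadow sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format text against this guide's conventions.
# SAMPLE_* data is constructed for illustration; on a host, feed the functions
# /etc/passwd and (as root) /etc/shadow instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
test.user2:x:1500:1500::/home/test.user2:/bin/bash
test.user7:x:1500:1501::/home/test.user7:/bin/bash
test.user8:x:1508:1508::/home/test.user8:/bin/bash
ops.admin:x:0:0::/root:/bin/bash'
SAMPLE_SHADOW='root:$6$constructed$hash:17000:0:99999:7:::
apache:!!:17000::::::
test.user2:$6$constructed$hash:17000:0:99999:7:::
test.user8:!$6$constructed$hash:17000:0:99999:7:::'

# Map a UID to the account type using the ranges given in this guide.
uid_type() {
    if [ "$1" -eq 0 ]; then echo Super
    elif [ "$1" -ge 1 ] && [ "$1" -le 499 ]; then echo System
    elif [ "$1" -ge 500 ] && [ "$1" -le 60000 ]; then echo Normal
    else echo OutOfRange
    fi
}

# passwd on stdin -> "uid:name1,name2" for every UID shared by several accounts
# (the result of "useradd -o").
duplicate_uids() {
    awk -F: '{ if ($3 in names) { names[$3] = names[$3] "," $1 } else { names[$3] = $1 }
               count[$3]++ }
             END { for (u in count) if (count[u] > 1) print u ":" names[u] }' | sort -n
}

# passwd on stdin -> accounts other than root that hold UID 0.
extra_superusers() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# shadow on stdin -> accounts whose password field starts with "!" (locked by
# "usermod -L", or never given a password, which appears as "!!").
locked_accounts() { awk -F: 'substr($2, 1, 1) == "!" { print $1 }'; }

echo "Duplicate UIDs:";    printf '%s\n' "$SAMPLE_PASSWD" | duplicate_uids
echo "Extra UID 0 users:"; printf '%s\n' "$SAMPLE_PASSWD" | extra_superusers
echo "Locked passwords:";  printf '%s\n' "$SAMPLE_SHADOW" | locked_accounts
echo "UID 1500 is a $(uid_type 1500) account"
```

The “!” prefix only disables the password. The usermod manual notes that to lock the account itself, not only password access, the expiry date should also be set to 1.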
User Management – USERDEL
In this section we will delete a user account with different
options. To delete a user, execute the command “userdel” and pass the optional parameters as per the business need.
Delete User – Username
To delete a user and retain the user’s files (home directory),
run the command;
Note: If the user’s group is also the primary group of any other user account,
the other user account will not be deleted.
userdel test.user1
Delete User – Home Directory
To delete a user and also the user’s files (home directory), run
the command;
userdel -r test.user2
Delete User – Force Removal
To delete a user by force, run the command;
userdel -f test.user4
Caution: Be careful when you remove a user with the force option; any
processes running under this account are ignored and the user is removed anyway.
To delete a user by force along with the user’s files, run the command;
userdel -rf test.user4